"Ransomware: Not Enough Victims Are Reporting Attacks, and That's a Problem for Everyone"
Ransomware remains a significant cyber threat to businesses and the general public, but it is difficult to determine the true scope of attacks because many victims are not reporting them. The warning came from the National Cyber Security Centre's (NCSC) Annual Review for 2022, which examines key developments and cybercrime incidents over the last year, with ransomware described as an ever-present threat and a significant challenge for businesses and public services. The review details how there were 18 ransomware incidents that required a "nationally coordinated" response during the 12-month period between September 1, 2021, and August 31, 2022. These included attacks on a National Health Service (NHS) supplier and a ransomware attack on South Staffordshire Water. However, the true impact of ransomware remains unknown because, according to the NCSC, many organizations that are victims of ransomware attacks do not report them. This is despite the significant and disruptive consequences ransomware attacks can have, not only for organizations but for society as a whole, which is why cybersecurity must be taken seriously, and incidents must be reported. These attacks have genuine real-world consequences and serve as a reminder to all organizations of the critical mitigation measures outlined in NCSC's guidance. Organizations must treat cyber security as a genuine, board-level risk that must be managed. This article continues to discuss the lack of disclosures by ransomware victims, the potential impact of ransomware attacks, and the remaining threat of phishing attacks.